News

Australia must become a regional cyber-security leader

By Philip Seltsikas and Max Soyref. First published in The Sydney Morning Herald.

4 February 2013

There is a growing number of cyber security incidents perpetrated by nation states, organised-crime groups and hacktivist movements, say Philip Seltsikas and Max Soyref. [Image: Flickr/thatgrumguy, used under the Creative Commons licence]

Julia Gillard has named "integrated cyber policy and operations" one of three key national security strategy priorities for the next five years. As part of this strategy we will see the establishment of the Australian Cyber Security Centre by the end of this year.

This is a commendable move, but should serve only as a first step in the government's efforts in cyberspace. Australia must lead the region in dealing with cyber warfare, cyber terrorism and cyber crime using our extensive technological capacity and existing regional relationships.

This leadership role will, or course, demand we confront the elephant in the room, our largest trading partner, China.

Hopefully, Australia's strong diplomatic links in the Asia-Pacific that led to it being elected to the UN Security Council last year will help balance the increasing power of dominant cyber players such as China and provide support to smaller, yet key strategic partners, that are falling behind in their cyber defence capabilities.

The Australian Cyber Security Centre will bring together government bodies currently engaged in cyber intelligence and cyber-threat response, including the Cyber Security Operations Centre which sits within the Defence Signals Directorate (DSD) and CERT Australia, and formed in 2009-2010. The new body will serve as a key link between the government, industry and the international community.

The announcement comes among a growing number of cyber security incidents perpetrated by nation states, organised-crime groups and hacktivist movements. China and Iran are said to be actively targeting businesses and government organisations around the world using state-sponsored hacker teams for intelligence and disruption purposes. Russia and several of its neighbouring countries serve as a hub for some of the major organised cyber crime syndicates, while actions of hacker groups such as Anonymous and LulzSec continue to wreak havoc around the world.

Government response to such pervasive threats has been imminent with most global players building up their security capabilities, developing cyber security legislation and strengthening international cooperation links. While the US is working on clarifying its rules of engagement for cyber warfare and taking on a more offensive stance against potential enemies, the EU has recently announced an overhaul of its cyber security response capabilities, streamlining its policy across the 27 member states.

Closer to home, India is currently working on the national cyber security architecture aimed at countering espionage and sabotage against its IT infrastructure. China, while facing a fragmented cyber security policy space and a growing domestic cybercrime challenge, remains one of the strongest cyber security players with mature defensive and offensive capabilities and a well-funded infrastructure and technology investment program.

The Australian Cyber Security Centre offers a unique opportunity for Australia to build on its existing defence alliances and establish itself as one of the key players in the region. The government should build beyond existing US-Australia cyber security defence ties to include closer ties with its other defence partners, such as Japan and Britain. Strengthening ties with the EU through ascension to the EU Convention on Cybercrime is a step in the right direction. These global linkages will extend and strengthen Australian cyber intelligence and response capabilities, given the dispersed nature of modern cyber threats.

With cyber security seen as one of its key defence priorities, Australia should aim to establish itself as one of the dominant players in the Asia-Pacific region. Similarly to how Oman's computer emergency readiness team has been widely recognised as a leading regional cyber security centre for North Africa and the Middle East, the new Australian Cyber Security Centre could become a leading force in the Asia-Pacific.

Such a move would align with the government's desire to "promote greater trust and confidence in cyberspace across the region" and protect Australian government and business interests globally. Fostering domestic engineering and research capacity will ensure that Australia remains at the forefront of computer technology and possesses the skilled workforce to become one the leaders of Asia-Pacific cyber community.